Posted to commits@ranger.apache.org by ma...@apache.org on 2016/12/16 01:20:14 UTC

incubator-ranger git commit: RANGER-1255: updated policy engine initialization to handle invalid values in the downloaded policies JSON

Repository: incubator-ranger
Updated Branches:
  refs/heads/master 18e248a4c -> 5e7b555cd


RANGER-1255: updated policy engine initialization to handle invalid values in the downloaded policies JSON

Signed-off-by: Madhan Neethiraj <ma...@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/5e7b555c
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/5e7b555c
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/5e7b555c

Branch: refs/heads/master
Commit: 5e7b555cd44e48f76c4b9939a3504459b9ab9523
Parents: 18e248a
Author: Abhay Kulkarni <ak...@hortonworks.com>
Authored: Tue Dec 13 17:47:44 2016 -0800
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Thu Dec 15 16:46:28 2016 -0800

----------------------------------------------------------------------
 .../policyengine/RangerPolicyRepository.java    | 34 ++++++++++++++++++++
 .../ranger/plugin/service/RangerBasePlugin.java |  2 +-
 .../ranger/biz/RangerPolicyRetriever.java       | 10 ++++--
 3 files changed, 43 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5e7b555c/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
index b08d4c5..45bb278 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
@@ -681,12 +681,46 @@ class RangerPolicyRepository {
             }
         }
 
+        scrubPolicyItems(policyId, policy.getPolicyItems());
+        scrubPolicyItems(policyId, policy.getAllowExceptions());
+        scrubPolicyItems(policyId, policy.getDenyPolicyItems());
+        scrubPolicyItems(policyId, policy.getDenyExceptions());
+        scrubPolicyItems(policyId, policy.getRowFilterPolicyItems());
+        scrubPolicyItems(policyId, policy.getDataMaskPolicyItems());
+
         if (LOG.isDebugEnabled()) {
             LOG.debug("<== RangerPolicyRepository.scrubPolicy(" + policy + "): " + altered);
         }
         return altered;
     }
 
+    private void scrubPolicyItems(final Long policyId, final List<? extends RangerPolicy.RangerPolicyItem> policyItems) {
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("==> RangerPolicyRepository.scrubPolicyItems(" + policyId + "): ");
+        }
+
+        for (RangerPolicy.RangerPolicyItem policyItem : policyItems) {
+            removeNulls(policyItem.getUsers(), policyId, policyItem);
+            removeNulls(policyItem.getGroups(), policyId, policyItem);
+        }
+
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("<== RangerPolicyRepository.scrubPolicyItems(" + policyId + "): ");
+        }
+    }
+
+    private void removeNulls(Collection<String> strings, final Long policyId, final RangerPolicy.RangerPolicyItem policyItem) {
+        Iterator<String> iterator = strings.iterator();
+
+        while (iterator.hasNext()) {
+            String value = iterator.next();
+            if (value == null) {
+                LOG.warn("RangerPolicyRepository.removeNulls: found null user/group in policyItem '" + policyItem + "' in policy " + policyId + "!  Removing...");
+                iterator.remove();
+            }
+        }
+    }
+
     void reorderPolicyEvaluators() {
         if (LOG.isDebugEnabled()) {
             LOG.debug("==> reorderEvaluators()");
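Review bot: scrubPolicyItems and removeNulls dereference their arguments without a null check, so a policy whose item list, individual item, or users/groups collection is null still throws a NullPointerException at `for (RangerPolicy.RangerPolicyItem policyItem : policyItems)` or at `strings.iterator()`. Whether the getters can return null is not visible in this hunk, but the commit targets malformed downloaded JSON, so guards such as `if (policyItems == null) { return; }` and `if (strings == null) { return; }`, plus skipping a null `policyItem`, would keep one bad policy from aborting engine initialization and leaving the plugin on its previous policy set. The removals also never set `altered`, so scrubPolicy's return value does not reflect them; scrubPolicy starts above the hunk, so confirm how callers use that value.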

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5e7b555c/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
index 326d650..c34aa19 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
@@ -184,7 +184,7 @@ public class RangerBasePlugin {
 				LOG.error("preCleanup() failed on the previous policy engine instance !!");
 			}
 		} catch (Exception e) {
-			LOG.error("setPolicies: policy engine initialization failed!  Leaving current policy engine as-is.");
+			LOG.error("setPolicies: policy engine initialization failed!  Leaving current policy engine as-is. Exception : ", e);
 		}
 	}
 

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5e7b555c/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java
index 5258a74..1b6f440 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java
@@ -637,7 +637,10 @@ public class RangerPolicyRetriever {
 						XXPolicyItemUserPerm xUserPerm = iterUserPerms.next();
 
 						if(xUserPerm.getPolicyitemid().equals(xPolicyItem.getId())) {
-							policyItem.getUsers().add(lookupCache.getUserName(xUserPerm.getUserid()));
+							String userName = lookupCache.getUserName(xUserPerm.getUserid());
+							if (userName != null) {
+								policyItem.getUsers().add(userName);
+							}
 						} else {
 							if(iterUserPerms.hasPrevious()) {
 								iterUserPerms.previous();
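Review bot: The new `if (userName != null)` guard drops an unresolved user id without any trace, and the `groupName` guard in the next hunk does the same. A permission row that points at a missing user or group is a data-integrity signal an administrator would want to see, so an else branch such as `LOG.warn("policy item " + xPolicyItem.getId() + ": no user found for id " + xUserPerm.getUserid());` (assuming the class has a logger, which is not visible here) would make the silently altered policy auditable. The enclosing loop starts and ends outside both hunks.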
@@ -650,7 +653,10 @@ public class RangerPolicyRetriever {
 						XXPolicyItemGroupPerm xGroupPerm = iterGroupPerms.next();
 
 						if(xGroupPerm.getPolicyitemid().equals(xPolicyItem.getId())) {
-							policyItem.getGroups().add(lookupCache.getGroupName(xGroupPerm.getGroupid()));
+							String groupName = lookupCache.getGroupName(xGroupPerm.getGroupid());
+							if (groupName != null) {
+								policyItem.getGroups().add(groupName);
+							}
 						} else {
 							if(iterGroupPerms.hasPrevious()) {
 								iterGroupPerms.previous();